diff --git a/CHANGELOG.md b/CHANGELOG.md index 9840f40..756ab59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,10 @@ Following semver, any non backwards compatible feature implies that the next rel ## [Unreleased] +### Added + +- FEATURE: add the cleanup policies management for the repositories. + ## [0.4.0] - 2024-05-02 [Compare with previous version](https://github.com/sparkfabrik/terraform-google-gcp-artifact-registry/compare/0.3.0...0.4.0) diff --git a/README.md b/README.md index 51bf916..6ec5435 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ This module is provided without any kind of warranty and is GPL3 licensed. | [default\_location](#input\_default\_location) | The default location for the Artifact Registry repositories. | `string` | `"europe-west1"` | no | | [enable\_api](#input\_enable\_api) | Enable the Artifact Registry API. | `bool` | `true` | no | | [project\_id](#input\_project\_id) | The GCP project ID that hosts the Artifact Registry. | `string` | n/a | yes | -| [repositories](#input\_repositories) | List of Artifact Registry repositories to create. |
map(object({
description = string
format = optional(string, "DOCKER")
mode = optional(string, "STANDARD_REPOSITORY")
cleanup_policy_dry_run = optional(bool, true)
docker_immutable_tags = optional(bool, true)
virtual_repository_config = optional(map(object({
repository = string
priority = optional(number, 0)
})), null)
remote_repository_config_docker = optional(object({
description = optional(string, "")
custom_repository_uri = string
disable_upstream_validation = optional(bool, false)
username_password_credentials_username = optional(string, "")
username_password_credentials_password_secret_version = optional(string, "")
}), null)
readers = optional(list(string), [])
writers = optional(list(string), [])
location = optional(string, "")
}))
| n/a | yes | +| [repositories](#input\_repositories) | List of Artifact Registry repositories to create. |
map(object({
description = string
format = optional(string, "DOCKER")
mode = optional(string, "STANDARD_REPOSITORY")
cleanup_policy_dry_run = optional(bool, true)
cleanup_policies = optional(map(object({
action = optional(string, ""),
condition = optional(object({
tag_state = optional(string),
tag_prefixes = optional(list(string), []),
version_name_prefixes = optional(list(string), []),
package_name_prefixes = optional(list(string), []),
older_than = optional(string),
newer_than = optional(string),
}), {}),
most_recent_versions = optional(object({
package_name_prefixes = optional(list(string), []),
keep_count = optional(number, 0)
}), {})
})), {})
docker_immutable_tags = optional(bool, true)
virtual_repository_config = optional(map(object({
repository = string
priority = optional(number, 0)
})), null)
remote_repository_config_docker = optional(object({
description = optional(string, "")
custom_repository_uri = string
disable_upstream_validation = optional(bool, false)
username_password_credentials_username = optional(string, "")
username_password_credentials_password_secret_version = optional(string, "")
}), null)
readers = optional(list(string), [])
writers = optional(list(string), [])
location = optional(string, "")
}))
| n/a | yes | ## Outputs diff --git a/main.tf b/main.tf index e48b4f1..9de5388 100644 --- a/main.tf +++ b/main.tf @@ -44,6 +44,34 @@ resource "google_artifact_registry_repository" "repositories" { location = each.value.location != "" ? each.value.location : var.default_location cleanup_policy_dry_run = each.value.cleanup_policy_dry_run + dynamic "cleanup_policies" { + for_each = each.value.cleanup_policies + content { + id = cleanup_policies.key + action = cleanup_policies.value.action + + dynamic "condition" { + for_each = cleanup_policies.value.condition != {} ? [cleanup_policies.value.condition] : [] + content { + tag_state = condition.value.tag_state + tag_prefixes = condition.value.tag_prefixes + version_name_prefixes = condition.value.version_name_prefixes + package_name_prefixes = condition.value.package_name_prefixes + older_than = condition.value.older_than + newer_than = condition.value.newer_than + } + } + + dynamic "most_recent_versions" { + for_each = cleanup_policies.value.most_recent_versions != {} && cleanup_policies.value.most_recent_versions.keep_count != 0 ? [cleanup_policies.value.most_recent_versions] : [] + content { + package_name_prefixes = most_recent_versions.value.package_name_prefixes + keep_count = most_recent_versions.value.keep_count + } + } + } + } + dynamic "virtual_repository_config" { for_each = each.value.mode == "VIRTUAL_REPOSITORY" ? each.value.virtual_repository_config : {} diff --git a/variables.tf b/variables.tf index 97784da..614bd85 100644 --- a/variables.tf +++ b/variables.tf @@ -23,7 +23,22 @@ variable "repositories" { format = optional(string, "DOCKER") mode = optional(string, "STANDARD_REPOSITORY") cleanup_policy_dry_run = optional(bool, true) - docker_immutable_tags = optional(bool, true) + cleanup_policies = optional(map(object({ + action = optional(string, ""), + condition = optional(object({ + tag_state = optional(string), + tag_prefixes = optional(list(string), []), + version_name_prefixes = optional(list(string), []), + package_name_prefixes = optional(list(string), []), + older_than = optional(string), + newer_than = optional(string), + }), {}), + most_recent_versions = optional(object({ + package_name_prefixes = optional(list(string), []), + keep_count = optional(number, 0) + }), {}) + })), {}) + docker_immutable_tags = optional(bool, true) virtual_repository_config = optional(map(object({ repository = string priority = optional(number, 0) @@ -39,7 +54,23 @@ variable "repositories" { writers = optional(list(string), []) location = optional(string, "") })) + description = "List of Artifact Registry repositories to create." + + validation { + condition = alltrue([for policy in flatten([for repo in var.repositories : [for cp in repo.cleanup_policies : cp]]) : contains(["DELETE", "KEEP"], policy.action)]) + error_message = "Cleanup policy action must be either DELETE or KEEP." + } + + validation { + condition = alltrue([for policy in flatten([for repo in var.repositories : [for cp in repo.cleanup_policies : cp]]) : policy.condition.tag_state == null || contains(["ANY", "TAGGED", "UNTAGGED"], policy.condition.tag_state)]) + error_message = "Tag state must be ANY, TAGGED, or UNTAGGED." + } + + validation { + condition = alltrue([for policy in flatten([for repo in var.repositories : [for cp in repo.cleanup_policies : cp]]) : policy.most_recent_versions == {} || policy.most_recent_versions.keep_count == null || policy.most_recent_versions.keep_count >= 0]) + error_message = "Keep count must be a non-negative number." + } } variable "artifact_registry_listers_custom_role_name" {